D'oH III: In 3-D! Plot Twist from Google/Chrome, Vixie approves?
It's not clear to me whether Paul is expressing approval of the whole shebang at this point, or just the one change they've made, but, just on first look, I don't think that change addresses *my* distaste for DoH, as discussed in last month's 100-poster. :-) https://www.zdnet.com/article/dns-over-https-google-hits-back-at-misinformat... TL;DR: they (Chrome) won't enable DoH unless it's being run from an internet which they know supports it; there are apparently a list of 8-12 ISPs/etc which are announcing such support. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
The difference is that Chrome won't use resolvers other than the ones you've configured yourself, and will simply opportunistically upgrade to DoH if they detect that those resolvers support it. In other words, there is no usurpation of administrative intent. Royce On Wed, Oct 30, 2019 at 7:30 AM Jay R. Ashworth <jra@baylink.com> wrote:
It's not clear to me whether Paul is expressing approval of the whole shebang at this point, or just the one change they've made, but, just on first look, I don't think that change addresses *my* distaste for DoH, as discussed in last month's 100-poster. :-)
https://www.zdnet.com/article/dns-over-https-google-hits-back-at-misinformat...
TL;DR: they (Chrome) won't enable DoH unless it's being run from an internet which they know supports it; there are apparently a list of 8-12 ISPs/etc which are announcing such support.
Cheers, -- jra
-- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
the relevant sentiment is: thanks for whitelisting a fixed number of them so i can block them. t On Wed, Oct 30, 2019 at 11:42 AM Royce Williams <royce@techsolvency.com> wrote:
The difference is that Chrome won't use resolvers other than the ones you've configured yourself, and will simply opportunistically upgrade to DoH if they detect that those resolvers support it.
In other words, there is no usurpation of administrative intent.
Royce
On Wed, Oct 30, 2019 at 7:30 AM Jay R. Ashworth <jra@baylink.com> wrote:
It's not clear to me whether Paul is expressing approval of the whole shebang at this point, or just the one change they've made, but, just on first look, I don't think that change addresses *my* distaste for DoH, as discussed in last month's 100-poster. :-)
https://www.zdnet.com/article/dns-over-https-google-hits-back-at-misinformat...
TL;DR: they (Chrome) won't enable DoH unless it's being run from an internet which they know supports it; there are apparently a list of 8-12 ISPs/etc which are announcing such support.
Cheers, -- jra
-- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
On Wed, Oct 30, 2019 at 9:02 AM Todd Underwood <toddunder@gmail.com> wrote:
the relevant sentiment is: thanks for whitelisting a fixed number of them so i can block them.
Not quite... Vixie wants the services to not exist to any (possibly compromised) device on his network. So it's less about what Chrome does than whether the service shares fate with a service he wants to use. Google supporting DoH on 8.8.8.8:443 is acceptable to him because he can block that, while Google supporting DoH on www.google.com/dns would not be ok since he would be unable to block it. Damian
participants (5)
-
Damian Menscher
-
Jay R. Ashworth
-
Royce Williams
-
Scott Morizot
-
Todd Underwood